What’s New in EventLog Analyzer?

New Features

The enhanced correlation interface contains twenty-five predefined attack rules, including those for ransomware, brute force, and more. You can now correlate logs from multiple log sources and create rules to suit your business environment.

Track the response and resolution process of incidents by assigning every alert to a specific administrator. Keep track of incident tickets with the built-in ticketing option, or raise tickets in external help desk tools - ServiceDesk Plus and ServiceNow.

Build 11080

The Correlation Engine has been completely upgraded to bring you complex attack detection across all devices on your network, enhanced field-level correlation, improved incident reports with timeline view, and much more:

Multiple log format support: Correlation is now carried out across multiple log formats, enabling you to correlate logs from Windows and Unix systems, network devices, and more.

Enhanced field-level correlation: Correlation can be done based on multiple log field values to provide fine-grained attack detection.

Out-of-the-box support for NetScreen and Checkpoint firewall device log data. The new version comes with exclusive predefined reports and alert profiles that make NetScreen and Checkpoint device auditing and monitoring easier.

The new version supports Nexpose vulnerability scanner log imports.

Exclusive reports for monitoring SonicWall VPN activities come bundled with the new version.

The new version includes predefined reports that provide information on web traffic for Cisco firewall and routers.

Enhancements

External agent support is now being provided for Windows server core machines.

TLS 1.2 is now used to secure agent-server communication.

File integrity monitoring support has been extended to Windows file servers.

The predefined file integrity monitoring reports now show which user renamed a file or folder.

You can now apply the self-signed certificate directly from within the EventLog Analyzer web console.

Malicious IP and URL alerts: After analysing the threat feeds and the log data from the network, the solution sends real-time alerts if suspicious traffic, or outgoing traffic to a malicious domain, is detected.

New SonicWall device reports have been added for IDS/IPS and under the user account management category.

View the top and bottom values of the log data fields in all the predefined reports.

Full support for SolarWinds Windows Log Forwarder.

Fixes

The issue with IBM AS/400 date format has been fixed.

AS400 alerts were being sent for devices not specified in the alert profile. This has been fixed.

Shared files and folders deleted via right-click were not showing in the reports. This has been fixed.

If the start or end time in a log message's timestamp falls outside the Elasticsearch engine's time range limit, the engine now resets the date in the log message and shows the results for the last 30 days.

The issue with the FTP scheduled import option when the file is specified as the root path has been fixed.

The issue with the Windows Snare agent has been fixed.

The issue with log filtering for Windows log collection via the Snare agent has been fixed.

The issues with updating the 'Last Message Time' for devices in the Device Management page have been fixed.

The issue with generation of removable disk auditing reports has been fixed.

Enhancements

Managed server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11050.

Fixes

Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.

Build 11030

Device management and configuration have been improved for better usability. You can now check the log collection status, change the log monitoring interval, and enable or disable a device from a single window.

FIM events for agent directory folders are excluded by default.

Fixes

The following issues have been fixed:

Handling of archive location paths containing special characters has been aligned with Windows standards.

An XSS vulnerability in the rebranding and index pages has been fixed.

The server has been optimized to accept several concurrent agent requests for FIM folder exclusion.

JVM crashes no longer occur when importing log files.

Changes in filenames are now dynamically reflected while updating the schedule.

Trend reports no longer reflect event counts for periods with zero logs.

The issue with the count in the report export list has been fixed.

IP address-based device search is now possible.

Enhancements

Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.3 Build 11030.

No changes specific to the Distributed Edition Admin Server in this release.

Build 11010

The EventLog Analyzer web client language is automatically set based on the language setting of the browser. The server-side language is automatically set based on the machine on which it is installed.

Build 10000

The log collection and processing rate has been improved tenfold over the previous mark. EventLog Analyzer version 10 and above can handle 20,000 logs per second, with a peak log handling capacity of 25,000 logs per second.